Defense.Net,
the only company designed to mitigate the increasing scale and
sophistication of modern Distributed Denial of Service (DDoS) attacks,
today released the top seven tips for e-commerce sites to protect
themselves against cyber-attacks during the busiest shopping season of
the year. The tips, from cybersecurity and DDoS mitigation pioneer
Barrett Lyon, come as new DDoS attacks that can disable the websites of
even well-defended businesses have increased in scale and frequency
over the past 12 months.

“Online retailers and other companies that rely on their websites for
conducting business need only look back to what happened to Burlington
Coat Factory two years ago when a DDoS attack shut down their website
for 45 hours,” said Barrett Lyon, founder and CTO of Defense.Net, whose
pursuit of hackers operating as part of the Russian mob was chronicled
in the best-selling book, Fatal
System Error. “As 2013 has seen an unprecedented increase in
DDoS attacks, there are some simple steps online retailers can take to
avoid the devastating financial loss of a DDoS attack during the
critical holiday shopping season or on Cyber Monday, the busiest online
shopping day of the year.”

In DDoS attacks, perpetrators assemble an army of compromised computers
(a botnet) to inundate a website with a volume of requests that
overwhelms and crashes the website. Recently, the ease of access to
sophisticated attack tools has advanced to a level where a botnet that
can do millions of dollars of damage within minutes can be rented for $7
per hour. This has spread a weapon that was previously the
domain of sophisticated cybercriminals to a wide audience with varying
motivations for attacking a website – from business competitors to
disgruntled customers or former employees to extortionists to
“hacktivists” that object to merchandise being sold. According to
Forrester, the estimated impact can be around $2.1 million lost
for every four hours a website is down and $27 million for a 24-hour
outage, depending on the size of the business.

“Too many businesses today believe that a DDoS attack ‘could never
happen to me,’ but when I recently presented at the ‘Retail Center of
Innovation’ event in Silicon Valley and spoke with the top brands
participating at the event, more than one-third said their brands had
been DDoS attacked within the past week,” said Chris Risley, CEO of
Defense.Net. “If a hacker wanted to attack an e-commerce site and
achieve the largest impact, Cyber Monday would be an obvious target.
It's more important than ever that retail sites prepare in advance and
stay ahead of potential attacks.”

The top seven tips for retail e-commerce sites to protect themselves
from a DDoS attack from Barrett Lyon of Defense.Net are:

Assess Your Risk and Avoid the “It Could Never Happen to Me”
Syndrome. Are there disgruntled customers, partners, former
employees, etc. that could feel strongly enough to launch an attack
against you? Do you sell items that could be considered objectionable
by anyone, such as fur coats, items manufactured in actual or
perceived “sweat shops,” etc.? Keep in mind that even if you believe
there is no one that holds a grudge against your business, at any
minute you could receive a “ransom note” from an extortionist that
demands payment to prevent an imminent DDoS attack on your website.

Listen to the Chatter. Many hackers act for recognition,
especially in the case of DDoS attacks, which are frequently used
punitively, unlike other cybercrime where the perpetrator seeks
financial gain. Keep abreast of news reports, blogs and forums such as
Pastebin that hackers use to brag about their exploits so you can best
prepare before an attack is launched. Closely monitor your brand on
social media, as you'll likely hear about an attack first on Twitter.

Talk to Your Service Provider. Most service providers will
offer DDoS mitigation services at nominal cost. However, it is
important to investigate the bandwidth resources of your service
provider. Note that a large DDoS attack on one of your service
provider's other customers could take down that provider's capability
to protect any additional customers, leaving your site vulnerable.
Another consideration: as attack mitigation is expensive and ancillary
to their core business, most service providers will cancel your
protection if you are regularly attacked.

Consider Additional Mitigation Resources. Research the options
available for a more aggressive defense against DDoS attacks. Options
range from building your own network to installing DDoS mitigation
hardware to using the services of a cloud-based DDoS mitigation
provider. These options vary in cost and complexity, but offer the
best insurance policy against a catastrophic site outage. Note that if
these systems are installed before an attack occurs, the mitigation
will be significantly more effective and less expensive than bringing
in mitigation once an attack has started.

Understand the Warning Signs that Your Site is Under Attack.
DDoS attacks are often misdiagnosed as higher than normal levels of
legitimate traffic. Retailers are especially vulnerable to this during
the holiday shopping season when increases in traffic are expected,
but the amount of increase is unpredictable. By working with your
service provider or developing the internal capability to review the
IP addresses of the inbound traffic to your website, you can assess
the legitimacy of the visitors to your site and deploy countermeasures
before an attack overwhelms your defenses.

As a Last Resort, Know Who to Call in an Emergency. Prepare a
list of the top mitigation services you can call in to get your site
back up if it has been taken down by a DDoS attack. As noted above,
this will be more expensive and will leave some “collateral damage,”
akin to a fire department that breaks windows and walls and leaves
water damage, but extinguishes the fire.

During an Attack, Be Sure to Mind the Store. Recently, DDoS
attacks have been launched as diversions for cybercriminals to steal
credit card information or passwords, or to commit other cybercrime
beyond taking down your website. In other cases, cybercriminals look
for a site under DDoS attack and opportunistically attempt to steal
data when the attention of the company is focused on the DDoS attack
and restoring the website. Ensure that you are equally vigilant for
pile-on attacks when mitigating a DDoS attack.

For more information on the current DDoS threat landscape, Defense.Net
Founder and CTO Barrett Lyon developed a white paper, which is available
on the Defense.Net website.